This is the mail archive of the ecos-discuss@sourceware.org mailing list for the eCos project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Re: On Porting OpenSSL v1.0.0c


Sergei,

> My 2 cents:
>
> I would look at PolarSSL
> 1) http://polarssl.org/features
> 2) http://polarssl.org/licensing
>
> IMO, point #2 is valuable thing to port PolarSSL to eCos.

Looks Ok, but I see no mention of an interface to encryption hardware
accelerators.
That is a big sticking point for us.

>
> Yet another candidate with dual licensing also would be... yaSSL
> http://www.yassl.com/yaSSL/License.html

This project seems very young and doesn't seem to have a very big user or
developer base. Too high risk for a commercial product.

>
> However, IANAL.
>
> But, both these SSL libraries were designed with a word "embedded" in a
> mind.
>
> Well, OpenSSL has much muscles, but, What's about thin SSL for embedded
> World (=eCos)?

Yes, I know OpenSSL is overkill for most embedded security needs. However,
it is the most active, used, and tested tested of any SSL library. It has a long
history and doesn't seem to be going away anytime in the near future.

It also has some focus on using encryption hardware accelerators through their
ENGINE interface. Although, it currently has some limitations, but
it's a start in
the right direction.

Also, the OpenSSL code is pretty modular. I think I can slice and dice it and
make it configurable enough that the memory footprint would be reasonable
for the desired functionality.

For these reasons, I think an open port of OpenSSL to eCos would be worthwhile.

I would still like to hear if this is of interest to anyone else and
get some input from
the eCos maintainers.

I know those from eCosCentric probably aren't too happy to hear about the
possibilities of a completely open port of the latest OpenSSL library for eCos,
since this would be in direct opposition to their ecos-SecureSockets product
(which is a closed port of OpenSSL v1.0.0a).

>>
>> Perhaps this inquiry is better suited for the ecos-devel mailing list?

I would still like to know the answer to this, before I go off and upset someone
for cross posting.

-- 
Michael Bergandi

-- 
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]